CLAIMS



1. A method for distributively and dynamically
making a communications network secure, notably of the
Internet type, characterized in that it comprises the
following steps:

- the step for interconnecting a device (D) between
  each computer equipment which must be made secure
  and the communications network,

- the step for intercepting communications between a
  piece of computer equipment (A) provided with
  device (D) and the communications network by means
  of said device to which this piece of equipment is
  connected,

- the step for obtaining information related to a
  user (U) of the piece of computer equipment (A) by
  means of an authentication module (6) associated
  with device (D),

- the step for defining a security level of the
  device (D) by means of the authentication module
  (6) associated with device (D),

- the step for transmitting information related to
  the user (U) and the security level of the device
  (D) to an authentication management server (S)
  connected to the network,

- the step for processing by means of the server
  (S), said information related to the user and to
  said security level of the device and for
  authenticating the user with the help of said
  information,

- the step for managing the authentications and the
  security levels by means of the authentication
  management server (S),

- the step for transmitting security parameters from
  the server to the network devices,

- the step for storing by means of the devices, said
  security parameters from the server (S),

- the step for processing by means of the devices,
  said security parameters issued from the server
  (S).

(this method enables a distributed and dynamical
security to be obtained on a computer network (R), this
security is configurable and may develop over time,
depending on new needs or new modes of attack)

2. A method according to claim 1, characterized in
that the security parameters further comprise:

- a list of authorized computer client/server
  applications,

- information enabling the devices to analyze the
  messages related to said client/server
  applications.

3. A method according to claim 2, characterized in
that it further comprises the following steps:

- the step for analysing by means of the device (D),
  the messages related to said client/server
  applications,

- the step for filtering by means of the device (D)
  the messages related to said client/server
  applications,

- the step for altering by means of the device (D)
  the messages related to said client/server
  applications.

(this method allows a lock to be obtained (commonly
called a firewall) managed by a server and distributed
over all the network. This lock further has particular
properties for each piece of computer equipment
equipped with the device)

4. A method according to claim 1, characterized in
that the security parameters further comprise:

- a list of pieces of computer equipment which the
  user (U) is authorized to communicate with.

5. A method according to claim 4, characterized in
that it further comprises the following steps:

- the step for allowing the device (D) to transmit
  messages between the piece of computer equipment
  (A) and computer equipment which the user (U) is
  authorized to communicate with,

- the step for blocking with the device (D) messages
  between the piece of computer equipment (A) and
  computer equipment which the user (U) is not
  authorized to communicate with.

(this method enables a partitioning system to be
designed for the network components)

6. A method according to claim 1, characterized in
that it further comprises the following steps:

- the step for customizing the device (D) with the
  help of a private encipherment key provided by
  means of the authentication module (6),

- the step for storing by means of the server (S),
  all public encipherment keys associated with
  private encipherment keys which customize the
  devices.

7. A method according to claim 6, characterized in
that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way,

- the public encipherment key of each piece of
  computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way.

8. A method according to claim 7, characterized in
that it further comprises the following steps:

- the step for enciphering by means of device (D),
  communications by combining the private
  encipherment key of said device (D) with the
  public encipherment key of the piece of computer
  equipment which the user (U) is authorized to
  communicate with, in an enciphered way.

(this method provides encipherment of communications
between two devices. This encipherment depends on each
pair of devices)

9. A system for distributively and dynamically
making a communications network secure, notably of the
Internet type, characterized in that it comprises:

- a device (D) interconnected between each piece of
  computer equipment which is to be made secure and
  the communications network,

- said device including two input/output interfaces
  for intercepting communications between a piece of
  computer equipment (A) to which it is connected
  and the communications network,

- said device further including an authentication
  module (6) for obtaining information related to a
  user (U) of the computer equipment (A) and for
  defining a security level of said device,

- said device including means for transmitting
  information related to the user (U) and to the
  security level of the device,

- an authentication management server (S) connected
  to the network including processing means for
  processing said information and said security
  level and for authenticating the user with the
  help of said information,

- said server including management means for
  managing the authentications and the security
  levels,

- said server (S) including means for transmitting
  security parameters, to the devices of the
  network,

- said devices (D) including storage means for
  storing said security parameters,

- said devices (D) including processing means for
  processing said security parameters.

10. A system according to claim 9, characterized
in that the security parameters comprise:

- a list of authorized computer client/server
  applications,

- information enabling the devices to analyze the
  messages related to said client/server applications.

11. A system according to claim 10, characterized
in that the processing means of the device comprise:

- means for analyzing the messages related to said
  client/server applications,

- means for filtering the messages related to said
  client/server applications,

- means for altering messages related to said
  client/server applications.

12. A system according to claim 9, characterized
in that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with.

13. A system according to claim 12, characterized
in that said processing means of the device further

- means for allowing messages to be transmitted
  between the piece of computer equipment (A) and
  computer equipment which the user (U) is
  authorized to communicate with,

- means for blocking messages between computer
  equipment (A) and computer equipment which the
  user (U) is not authorized to communicate with.

14. A system according to claim 9, characterized
in that

- the authentication module associated with the
  customised device by means of a private
  encipherment key which customizes the device with
  which it is associated,

- the server (S) stores all the public encipherment
  keys associated with private encipherment keys
  which customize the devices.

15. A system according to claim 14, characterized
in that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way,

- the public encipherment key of each piece of
  computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way.

16. A system according to claim 15, characterized
in that the device further comprises:

- an encipherment module for enciphering
  communications by combining the private encipherment
  key of device (D) with the public encipherment key of
  the piece of computer equipment with which the user (U)
  is authorized to communicate with, in an enciphered
  way.

17. A server for distributively and dynamically
making a communications network secure, notably of the
Internet type, characterized in that it comprises:

- processing means for processing the information
  from a device (D) and related to a user (U) of a
  piece of computer equipment (A) to which this
  device (D) is connected,

- said processing means enabling the user (U) to be
  identified with the help of said information,

- management means for managing the authentications,

- transmission means for transmitting security
  parameters to the network devices.

18. A server according to claim 17, characterized
in that the security parameters comprise:

- a list of authorized computer client/server
  applications,

- information enabling the devices to analyze the
  messages related to said client/server
  applications.

19. A server according to claim 17, characterized
in that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with.

20. A server according to claim 17, characterized
in that it comprises

- storage means for storing all the public
  encipherment keys associated with private
  encipherment keys which customize the devices.

21. A server according to claim 20, characterized
in that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way,

- the public encipherment key of each piece of
  computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way.

22. Device for making a communications network
secure, interconnected between each piece of computer
equipment which is to be made secure and said network
and characterized in that it comprises:

- two input/output interfaces for intercepting
  communications between computer equipment (A) to
  which it is connected and the communications
  network,

- an authentication module (6) for obtaining
  information related to a user (U) of the computer
  equipment (A) and for defining the security level
  of said device,

- means for transmitting information related to
  user (U) and the device's security level to an
  authentication management server (S),

- storage means for storing security levels from the
  server (S),

- processing means for processing said security
  levels from the server (S).

23. A device according to claim 22, characterized
in that the security parameters comprise:

- a list of authorized computer client/server
  applications,

- information enabling the devices to analyze the
  messages related to said
  applications.

24. A device according to claim 23, characterized
in that said processing means of the device comprise:

- means for analyzing the messages related to said
  client/server applications,

- means for filtering the messages related to said
  client/server applications,

- means for altering messages related to said
  client/server applications.

25. A device according to claim 22, characterized
in that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with.

26. A device according to claim 25, characterized
in that said processing means of the device comprise:

- means for allowing messages to be transmitted
  between a piece of computer equipment (A) and the
  computer equipment which the user (U) is
  authorized to communicate with,

- means for blocking messages between a piece of
  computer equipment (A) and computer equipment
  which the user (U) is unauthorized to communicate
  with.

27. A device according to claim 22, characterized
in that the authentication module associated with said
device further provides:

- a private encipherment key which customizes said
  device (D).

28. A device according to claim 27, characterized
in that the security parameters further comprise:

- a list of computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way,

- the public encipherment key of each piece of
  computer equipment which the user (U) is
  authorized to communicate with, in an enciphered
  way.

29. A device according to claim 28, characterized
in that it further comprises:

- an encipherment module for enciphering
  communications by combining the private encipherment
  key of said device (D) with the public encipherment key
  of the computer equipment which the user (U) is
  authorized to communicate with, in an enciphered way.
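
Added illustration, not part of the patent text: a sketch of how a device (D) could apply the security parameters of claims 4 to 8 (allow, block, or encipher per peer) after the server (S) distributes them. The claims name no algorithm for "combining" a private key with a peer's public key; textbook Diffie-Hellman over a toy modulus is swapped in as an assumption, and every class, function and parameter name is hypothetical.

```python
import hashlib
import secrets

# ASSUMPTION: the claims do not name a key-agreement scheme. Textbook
# Diffie-Hellman stands in for "combining" a private key with a peer's
# public key. Toy parameters for illustration only.
P = 2**255 - 19   # a well-known prime, used here as a toy DH modulus
G = 2


class Device:
    """Device (D): holds a private key and the parameters sent by server (S)."""

    def __init__(self, name):
        self.name = name
        # Claim 6 has the authentication module (6) provide this key;
        # it is generated locally here for the sake of the example.
        self._private = secrets.randbelow(P - 3) + 2
        self.public = pow(G, self._private, P)
        self.peers = set()           # claim 4: equipment the user may reach
        self.enciphered_peers = {}   # claim 7: peer name -> peer public key

    def load_parameters(self, peers, enciphered_peers):
        """Store the security parameters transmitted by the server (claim 1)."""
        self.peers = set(peers)
        self.enciphered_peers = dict(enciphered_peers)

    def pair_key(self, peer):
        """Claim 8: combine own private key with the peer's public key."""
        shared = pow(self.enciphered_peers[peer], self._private, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()

    def decide(self, peer):
        """Return 'encipher', 'allow' or 'block' for traffic to `peer`."""
        if peer in self.enciphered_peers:
            return "encipher"
        if peer in self.peers:
            return "allow"
        return "block"   # claim 5: peer is not on the authorized list


def provision(devices, policy):
    """Server (S): policy maps device name -> (plain peers, enciphered peers)."""
    directory = {d.name: d.public for d in devices}   # claim 6: public-key store
    for d in devices:
        plain, enciphered = policy[d.name]
        d.load_parameters(plain, {n: directory[n] for n in enciphered})
```

Both ends of an enciphered pair derive the same key without it crossing the network, and each pair of devices obtains a different key, which is the property the note after claim 8 describes.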



